Analysis Overview
SHA256
a0466ffc10e366308a02c612d782bf46e90491b989591e64d6fa9f7364d036aa
Threat Level: Known bad
The file XClient.exe was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Contains code to disable Windows Defender
Xworm family
Xworm
Loads dropped DLL
Drops startup file
Drops file in System32 directory
Sets desktop wallpaper using registry
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 19:13
Signatures
Detect Xworm Payload
Xworm family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 19:13
Reported
2024-05-26 19:16
Platform
win7-20240221-en
Max time kernel
118s
Max time network
145s
Command Line
Signatures
Detect Xworm Payload
Xworm
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | IICAcro-58060.portmap.io | udp |
| DE | 193.161.193.99:58060 | IICAcro-58060.portmap.io | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 19:13
Reported
2024-05-26 19:20
Platform
win10v2004-20240426-en
Max time kernel
373s
Max time network
385s
Command Line
Signatures
Contains code to disable Windows Defender
Detect Xworm Payload
Xworm
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp" | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\XClient.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCXJB1wWTMF0S9YWOlc2SRTg/community?lb=Ugkx4s4F2xUf5sudMhmAdYbWBxDD6YldzD5k
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x464
C:\Windows\SYSTEM32\CMD.EXE
"CMD.EXE"
Network
Files
C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1264_IURQGOIUFRNVXDYD
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\Desktop\How To Decrypt My Files.html
| MD5 | d2dbbc3383add4cbd9ba8e1e35872552 |
| SHA1 | 020abbc821b2fe22c4b2a89d413d382e48770b6f |
| SHA256 | 5ca82cbc4d582a4a425ae328ad12fd198095e2854f4f87b27a4b09e91173a3be |
| SHA512 | bb5e1bbf28c10c077644136b98d8d02bfec3b3e49c0829b4d4570b30e0aea0276eb748f749a491587a5e70141a7653be1d03c463a22e44efecde2e5a6c6e5e66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0da9f01fd965a0f54653f3c49e2166a7 |
| SHA1 | 5173c7bcd3ff7892fc4d3c0399fb10260f6f5b63 |
| SHA256 | c59258d9cddc23efde1a4702eb174f178b7203cad9a1303aeea761e7c459cfd3 |
| SHA512 | 68db5f56258ef190dab266b1c4faa8fab53cb5ab90790a2cb5606d210b24652e11a794d99ee234c55a330ae5a24f2c72141be1fa8b793f5c4799b1e9f0291fde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a0d79877f288ddc2181dd38245cd7707 |
| SHA1 | 82385904112ee36ee660811818c47bd892347b27 |
| SHA256 | a1e6c847a7d88186ca0cca023cc7e227cf2bb0cfc3256fb729fb131fed1d92f6 |
| SHA512 | cf3abc7d593dcabe98e8f2ec4645b9c4da201b3f736fa55b50e4b9ce75a40e5635ccd309a37b838d987adca71aacd673b8f07d315b08138b100c5e7575505d5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a6a57f008cfb2840382435d50ca4223 |
| SHA1 | eadacd9a844a75d1d64142a574a8a5efb36072f9 |
| SHA256 | 10d96228ad91572fb18531ead0fb0c0a85cb129ed57fc6deba2a77e5af1e4218 |
| SHA512 | 18a8bd737cafea949054a1b74d27a95f2bc0290726bc306ad3993da6c6821fe7542d2cf6725bada1959b9512d8f3faffed50e2f4275cacd27c9e14af313cbe4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8287f3138f3b12243cd985468d5e9c9e |
| SHA1 | cdc96bb898078531a724673a4ecc3e46f7ad82ca |
| SHA256 | 0678ace14c39e8b2562ebafae1710644308a961c757c7862114fbb2bfb39383e |
| SHA512 | 5c570d5ea9473e0f2ca2909473b60df0a6433d56c7aa143cff6879fe86143fddf03ff74c3ab997c32ae6872563f11440dec8f7cf55d5122e031dce64188fd0db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 5266f4b1a0fea71b182f7a7585da8f6a |
| SHA1 | 1284507d3c26fa91803a52793591c6951ddd82f7 |
| SHA256 | 1862f344a67ed7ee1b0ecd6079f4f1eedf399394f69f536d6d59cd6027c49d3d |
| SHA512 | 5dc0990a15fa5d02308ee6baba1324db258f2e0e4e27476b3bc887bb245c0547900773543f8db49fa30a68de3988ae0b520ad2833a10f0a23ae801a238db7c4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361224487047004
| MD5 | e5fad329d79ac48deabe62b5563f6d88 |
| SHA1 | 6321bb9cb2c7901971ce9a42bd0d3adc88158a28 |
| SHA256 | c3c138d8c6531bd370b9f210ae86452b093fcfdbe6c758060348400bc2c82ea2 |
| SHA512 | 3d18bbc1995360c3bd7bec7411b23a7ac27cb182f5bf0cfa54e75a9a4e884da467d2f80bcb7144da811f80d853e683eb5694913bba3fb9fb8cff309bb82ed21c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | b4cd65858b1dadf4a764db629a279a1d |
| SHA1 | dd2a06eb6c755fca41c1888cfbf00b06039d8e32 |
| SHA256 | ebf77bfef3e2dd8492df160c72d9daace81a95e4ef394c4646e83bf11d74d0ba |
| SHA512 | da2996ba18d8ae71a90214e4b549ed05cc273da02bbd1ae14311a2733da85d075bcff5f8db3a97ccc5e82af692b8490c6ffe5af88fd1d3a37860d2ffb4965aa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 7653491a2796bbd5028de4d8a8371471 |
| SHA1 | 44ecf1651846d98981e869bde1ccc90a93a366d8 |
| SHA256 | bc496b9a6f90ac2282874caf706f95cc9fd5d968ab205e71e7f5dcad0983092b |
| SHA512 | 4e3e81237d2e5fc5e264006dec0b446b5dcc61aecb951cd26ed544424d6a0b32d34040555c2e5ba70657e466de1cea946bd2eeaa91467b3e7db4eedca8d1f57e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 87a21f29aae519829be59114db9ea372 |
| SHA1 | f4ee0da40a361f7a87d1356997725303eea677c0 |
| SHA256 | e4c1b9dec6089c99a821d070f65e5a6ef6f386f15f6e246e9fcfb45b4c8d5af4 |
| SHA512 | 1f698b97b0db081f83ddf2d4c5a80d57a9e720b1af6a01631d8a65ea46927b4a53ee4af2d157b593d6361d7d35966245f90d08f25232f273b1e4de3b5be4a0ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 6afe0e68075d73c06d53d7eb4d9f1751 |
| SHA1 | 765c5aacb4cceeed78a6b9d3bab4d19c558fd43b |
| SHA256 | 4892f6cbdb2025eb9000ef7b615a7f3a24dfb9a60adafa4e4bf06ceb67e9c828 |
| SHA512 | c51f367d92180a20802c9226396c83b322a3d7f89b449c1ca9a971240dbdefb9c34b7b0606804ca16f0e598a208060b3f3e71530324a0ec349ac38e751b78212 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | a62d3a19ae8455b16223d3ead5300936 |
| SHA1 | c0c3083c7f5f7a6b41f440244a8226f96b300343 |
| SHA256 | c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e |
| SHA512 | f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | db0e2e3a7833dc6bb9579703da0f660f |
| SHA1 | 2c68ca0ab65105fd1668262c26ee7805adc2d273 |
| SHA256 | c8bdd437b8375fe3cf2350f6f386c68c27778718d66ed7fb0c53de6c6a407fdb |
| SHA512 | 60228db03f7225637a5d01977be2404f2ab2b7254ecb1aca8453d96db0df6d4e56747025713a542a1382964c8ddd8e15dbe2b4a5cdd49f49be0e0e53b5655033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 46ddef46fcb5dd419618c106c05edbed |
| SHA1 | 37c9db224f0884136492015309fca59da227dbef |
| SHA256 | 4aaf4544f54383d771e27406c5b0ccce26536a50b0bf146bf76268207ba6402e |
| SHA512 | 53e2d5275106487db093516f074d1c02ebbb28d6a6e75095c9c02080c3c98a775000e309ed99af037f2a9b21c37445d3dfe3ca9aa4593bb148d6c9a1913692c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e2d2571b-2f2e-4e7e-aa4b-730e9ef690a0.tmp
| MD5 | a6201654abbf5963a7f72dc59fa3ad29 |
| SHA1 | 8c126d6082e5fb130fa586f94ab53e8cd576a04d |
| SHA256 | f4079cde9e627446e9b2550422fdc528a306ea82e485302426c1b3f608ee60cb |
| SHA512 | e6d51d29a7882cb627c56e176ad741e2dec5b0e7ab18becc1740798530ae5edcc243a18cb47be73c533d559dcc76d31e0f87749c5d12547d3372965843723d0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | eb97829b260ccab2ae72b69609c0d8ce |
| SHA1 | 4c4ae9bd395a3a5a4de11680a79a0719b1893924 |
| SHA256 | da9e375a49e122fb659531da049cb2b2c66f075e7cfc0e85f94fd4d9f3a247bb |
| SHA512 | 1264842440d1f135241997af1173363da28f33a9298fd3d8d156aea21040f22d166b5fef7f48dc2e39253d2436f97c9c2772e25787394b6c30d917324f5f7625 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 30b1bf30a17b5fe9599be1c17d668579 |
| SHA1 | 923da688881da2b21725414d86b3f5cd86a72d61 |
| SHA256 | dc8126d4c183f7fc8e7923cddc9deb1dbbe35faf83ac4768132cdc8225c7bef6 |
| SHA512 | 3a812e7d63d844fe0410d525a0611b76c4f338422f558e8c8e064bd33051f3dbe863f91dd1028ce85e0e7d91a94a5e964640a4e800b45c3d65741964ae788202 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | 6cbd881dcc24988e1664435d50030b47 |
| SHA1 | 269122dd700e74e9cb8faebc41524c3ce42ead0a |
| SHA256 | ea4b51275039ca460805539278330770d886369adf6c090c6cdbd4f4cbf45860 |
| SHA512 | f87c01f3649d8801445c2c0ab47ba304189259d68238150c5d007613f06ce124fade4dd545e45207c2f14ae8373dd02e5ad03caa9b337837d73d14cd30ec99a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 6630031798ede053a16fb3a5393a3146 |
| SHA1 | 9ac5109b923f04c18c66d0715a540875cd282d5a |
| SHA256 | e5897e15b01e58b5a2461a0216141349872771489dc6e95e7f35b34ab79e3d5f |
| SHA512 | 5d123d30861560358f83796a9fecd6e995fda6ef33d00b90b6e405f9375d978cc0032dcdf957180c9b330b9cf69ba090e469e066819a9f69f8e5ce6702820e87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 53ab12a0ce7174f8a6b08b7bc9f12152 |
| SHA1 | 4c11678ffc4adc7302b2d1a0359cd43042675264 |
| SHA256 | af6a4757b6cdf9d1a753048fa9fd556f218ec606bab0772be762bc70381c14d5 |
| SHA512 | 24d256750880dc8f730e7a2bd9805238569c7ddcbee7c1a5aaaa92b8d8d21c9d228f843f2a1b579c0292f505a43316114c8c6bf697bb414fad399774e78d427b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 320f8941b653a00eeb010347252dfe48 |
| SHA1 | 79efb9eac5439764026ec1611fc083a66e472a0e |
| SHA256 | 32959a0a9e2f3be1b662e08be3e9b15a6edd963094481dad0806b1f7f08bad66 |
| SHA512 | 7af9f29d66def59d8e63b6909fc7ee8520498fec0abc70d16a784830a25dadf5534a15d9409b5eb842d3cdd7becbb5275f65e64c8e831d304afeda65c9850487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 76107c4eef3dcddd9adac6dc1e9bb458 |
| SHA1 | 256ce58a22402e686d4e1adbf78fb4e7051aa87f |
| SHA256 | 4f478c7caef418b6aba123bb403ee0f923e080c53f6698cbe91fdb86a8351e1b |
| SHA512 | a3dcd0ae28839249e55e23b9cb1e0a63badad1ee85443973f75ad9e46ae65e8cfcc93247263176cc1c388405eae2ec04d909df1cd92c0e6e66c1d1a5a7f07d98 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 1107ddd44cf938d9efbba4c02d57c18e |
| SHA1 | 88eafe20e6327e79691a9cb81be276897918805c |
| SHA256 | 364a7a929bc118efbeeb02827394d37a32db6c412c6329e92e8ecc97859600ee |
| SHA512 | 39a28ae4c0e9e948eeb143c683ab80308373622e02fd2dd460207d33098662d0f207fe15e1b01b27cbd4b73238ff2e48e3efc679e67cdffba696f314e7f4350e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | dd16dfef4a82396f34f73795896cc863 |
| SHA1 | 1ffa3615f3a22cefb48132bb137c3294c5d39ca2 |
| SHA256 | 38ba1768f5183c37ac0b6647b0cf0f8a5a2aa1d056a8df8ad439db87edc6d098 |
| SHA512 | 90cbac870c1e37f57602250c02443d9fa2de93df5b38d5092ec4d37e4c017de0424c57858ee791d595a2b757886c74797b3fed65845b6864e651051e00d3860e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 9574abd4ed55b15604770d6b2a97a1ee |
| SHA1 | 73a14fb0fa58e6f04dbdb9634156446bd16e7c75 |
| SHA256 | 7b9ec8a7d383166b1419f5ec116916d06e4e60ac28c2305c67521b8837a623c4 |
| SHA512 | af3f6c86adc9ed46d31f18e2391214c16d95f099ddc307260468de6497d6f106de4480fbd8c5c4ef72317e923933fb8bee6007e1e076c71348082c16f6695f6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | cd15f4ce2bf462ea28f221cfc73d7f40 |
| SHA1 | c2750f0db169960f05bb9fad7e904abdd0772a0d |
| SHA256 | c4820dafdf09e35443abb374f4496d670a66cbfea9b69b90b3ec5aad3d19054d |
| SHA512 | 830d9fe6986be2ef8a15c1ad747804692ba2710115087b73218db6c7a38b39540d87b562ab7ad60a53b6025ceb4f41687d2df4617aefabb2237e44a6357627e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13361224486841004
| MD5 | d6ee9e942787029c7d5cea7370e8465b |
| SHA1 | b937432cf7de3fb000d6e4b55d3710ee2c723f13 |
| SHA256 | 7fd6109b772b2542b9ece96da6a7151e0edfb0a5ea912c5ef00eba0179bb281e |
| SHA512 | 67ffd512bed6a21713dee350bf7e38e80e821a78ab90b7fe6c56fb881ac8309b31af4447e06e2b1064955747323e3315b5a41de40acd6db453e780152146a59d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a110c551b09a6093d0700e4faad46fcf |
| SHA1 | c6c8bb93945dee02b8cbb57cd69b430cfb41289b |
| SHA256 | 9e6713ce7eb9fd0dd8abf440e7b8a3c1ace63fc74630faa32554520391a89aa9 |
| SHA512 | 0b7a75399edaaf9d34a313a82d5c1bbbdc66b6849a9a3ea276803e9beaa0c4a375096d9336db516eaa77af370c61c95753ba04ed3ed8e280cce5eeae9ecd7559 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abf0de074abc6a21e38782dc5efc50fa |
| SHA1 | 9f5fbe0c71040e0fb2d9fc42b784b666102f5a01 |
| SHA256 | 26845506c49233e21ddd3b586cf1fc249b283d77f6938459a68460001fdb9b46 |
| SHA512 | 2fb1aba651b2fa5870c73a330f74af7f3c8a650a5627b8010b5bbba44f2bec7acee4c63b3a58dd06d2422b1814df7de4c5d1d9dc2192da3f36c7fc3a80dba1d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e2377978922435f64cef4f3747456de1 |
| SHA1 | e94f9f538b0cfbd806d8dab25942a291270e8384 |
| SHA256 | 429784052c0073e248101d6d1fe9c76ec103a14de297296570182de909447af3 |
| SHA512 | 8a85369800eed241d2541dc60cb3c2785004014bcec35fababfee51ad146521eb5cfa976a6bcc2f27911dc772fc4ec81dbea77d526412f4331ba3b61b9919736 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | bca5f5e0faba0909157d24f0d726ee67 |
| SHA1 | ed088bc65547f9413e502c609b9e8bb482bba4ce |
| SHA256 | bdc5c17b0971c0ce3f3856e963d960aefc5af12a73ffb80477d934881f17516f |
| SHA512 | 5181436d3576d7cfeaf8ba6922b3f11ca1a4619881e53e6d44ce10902fa32e4b1a899b68c84848280aff5ed84f3f7f944e1296969fece345fb5124ef826a1c24 |
memory/1728-450-0x00000000015B0000-0x00000000015BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361224502674745
| MD5 | 8cbbff0dfe9ae6b678e14f8746076d59 |
| SHA1 | 58b12307a5bacb266699f0723fdf155f0900dbe1 |
| SHA256 | dcbf43f580040de5c53103d8eb1b98a73ed9e98b517531179aff4cf0359da0ee |
| SHA512 | 94d3b312a492e6f1d6aea2eb073023999ba09aab26bc0d954dc898727daece0c46b66703d989d5201fee1e7bf5812eb0cae377678b2b61eb031376d53c123055 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7bd921e1-2055-4a8c-b973-7d43680b9786.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | 6834548257d6b8c060a0f60e09fb518d |
| SHA1 | 9524b711f930081692d45e5b4c156bb57237791a |
| SHA256 | ee517b200af8371a7e3b5300a64178991068f912e1641977d1a64458c69cf669 |
| SHA512 | be43fa95353bc23ffea7b370da9d04e61ba48abed45607abe21cb7776bcf86c73cea4fdf4f15f8aa0fd4ad9075a0a1500e53efa0916a11e234ea6c53d4d5fd6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | babdf9bd7d019306a0502271214e0721 |
| SHA1 | 73b3a19f3e246ae4c9b5b4c296e248b2d7fd64ed |
| SHA256 | 04ea92bd86f34b4aef00332422375b3d3f6068d874b9ae1f5a597da44c283746 |
| SHA512 | 12ba84ec2b14e3f9957b63cd6df647aa2b6c95546c0a31b2d9423a706bc438186e12e525114f34d2088b8a2308cdfe5038c1f7cab0b74399798983bb37f40032 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 7cfd32ec9699b333f68b99b7436b5a63 |
| SHA1 | 9866049e4110b20ffff8049ec609de2831078f74 |
| SHA256 | b969bc4b5c1785450e2a1b4ae98b4c01f1ee5bd54e26cdbb1d2a7a0b638a6a61 |
| SHA512 | c949ce2bf1ae7ce92f6c1fada565aae18274fd7c8fcbb0c6d987edbd5ff8f1340b82731e7169b26825ee67ee3a8181df78cd5a3e7095662952e9a6378709a4b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 5e139a9dedaf58d45a8c71a8dd43af87 |
| SHA1 | 4b9a8e5d46ed88ae3db20d1f57c442973c1a6487 |
| SHA256 | 821e8f9cd7fda5bcd8d8652cf838396b1432eadf1ac9f6665caec14fdfe262bb |
| SHA512 | 09b312c1ae542cd693e8114e56613d77a3d92f2937f50982d805fa087873849454383ff6e5c5d6484f508e0f1a332dd31ee1bee71eeb1657d7a369c053c09b14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | ba255993d526a31d40125a6becd210f6 |
| SHA1 | 99b79526c0f12bca0322eb3764ccbf443637c530 |
| SHA256 | 3d2ff7becca35ac2f8307bc8d3c71a3d124f44e763a8afd2de1e5e860fc807df |
| SHA512 | a0ef7b2bdca3992637f37adf3dd831841cd68e0d265e2346bde874eb5f45aeb0d3272b0a06378d67c28beef6d045cdb2d71007087631bfd7ae9622a116f68525 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 71d968645d912628330bee6f977370eb |
| SHA1 | 8ddd5e781a1e6a8c95fa3559e8aaa282270ca85a |
| SHA256 | ad07129b4b39b2f664c84853dba16ef95dce8f46102eaa6cdcecd1efd1119757 |
| SHA512 | cbd6bd7f4498b8b109e5fbf0201d20aeb726f97e3f747414e0a2d1946909da73754404896eecaeb886871a65fbd95b49e6b6e0553e5bb2145783977c7ef8fa74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | 6153ae3a389cfba4b2fe34025943ec59 |
| SHA1 | c5762dbae34261a19ec867ffea81551757373785 |
| SHA256 | 93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61 |
| SHA512 | f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 96c28793967db329a2c1cba0636fd039 |
| SHA1 | f1351e374f59dd06c84564c413c61660b45a0b16 |
| SHA256 | e4c00b4b40f0ddb34b8d525015d77055e130f44b6b0b406df2dc2bbbf35c44b7 |
| SHA512 | ef1952dc332f3c3c84535269b58bb5e936b2b66ab142c1c1e2f814f9b477cfb18ab69a2e9cd49e73f12310ca832e3dc3e5ee43a0e89309e60641c6751f85566c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 356e73b65a4d0045e58f04b88fc9f2d7 |
| SHA1 | ffb28ca7226dcc042a382607c92919b7f4f684fd |
| SHA256 | 5b593f266f51192852de0bc76831fab3a1a3fc004cb7759d13d9503df84e566b |
| SHA512 | 2a7175aa62d77ed5a7d6ccf1acc9ca19bf5ae8e49b83e1176c22b75ec9d409315a1836754aebac4eb0d4560005f11578c419e178b2b7b37420cf919d78286512 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | e5ae2da506f7c7927a56dd77586e3392 |
| SHA1 | 7a1a401b6a2533522bfce90b33ae07c775c48262 |
| SHA256 | 7fecc023b542fa356084c739d329e6aad507aa1f9b1c92ed8a6dad125a90b87e |
| SHA512 | d25c6a08fa4be52cf4a13e6aba729f8187c9ae283eb79fbf7e6ba808db8f0ab81d288602cae49b062ad9534e6a9d5f0b4fe80837b5f6de6f538289eb224dd071 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 210780fd5ec2717c4a040434defde249 |
| SHA1 | bbad43aca346c410217247ee8f187b211563609f |
| SHA256 | c70d07128ee76c504638e3391c1f59995d66ce445d6eeabc3ff04742f8530a57 |
| SHA512 | 00e32cfcc9ccf35313113b5ab9561231102f6c1313de7949115211956ac1b4f8d76c9ab0e84e1218c92e0cca5442aeb3b7ec9fd93b8df4b3d4e136b2eac528c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | 0a03faecdccce802167e04aad9585542 |
| SHA1 | d2ee2e6713efd317a909e33e0c382fe342257ae4 |
| SHA256 | b1913f456839dfff6ae7d0b80d6cfb95143da4f382ee047548eacf2ba6063d25 |
| SHA512 | caa3244adc8b9915fed906759e3d5d7d6ca054332056fcbb3c91a53e0afa2d3939259aa3df620d4c21183bc2f6ba9acb9596cdfd43b54e3eddd4d1d40c758edd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 326917e66b6409b7c7a95c96e9a49657 |
| SHA1 | f9487dd1ebf113038ee2964c65e2a8f363ec21d2 |
| SHA256 | bd817751fdd7e743aded823d59711dae2818cd5090ce443495b1ac35c98af656 |
| SHA512 | f8c9d47c973ad5e2bb9718a2f8afda68f5a3e303697522e7429b749b723309e2ee8cad2efa8ca868ec1bd678ed286d8ba6ed4845ab075ec6f2f4e90352c8871a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9de35a9c8522a71176b2e52b2b893454 |
| SHA1 | a71125fb0d2e1ce65adec3a6484ca1ceacf38c2b |
| SHA256 | 2ef43d0ed90bd552580a7e5f1b0fb2c163912efe5205739f881b9681b2493a9a |
| SHA512 | cd0722522dccc11529c511859c7959b3e4a497afdb428562c9eb4d2b0faec97e6bf2d477e7088913910c85a90dde05c1bfdff812c3ab823ad58fccf9ac66fb2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 16ad39b6d75f30253774e2bbad059de6 |
| SHA1 | f91b9bc9e65b2f72b19dcbb2983bc42cb71ddbc7 |
| SHA256 | 128ee733b87340abed500aac0cf517e25b6d6070490be2048783c3073cea1a74 |
| SHA512 | 5272a0dfc7c1485b1498ab5ae53e73e5326abe7ce45b91ad9d192f0e2508e1213e9552e29787b34fbcaf2887d32ad5918648832f372211d5bbccbdbaecf3d727 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 9bcb2a64422c74e7f6d232df65faa8ff |
| SHA1 | 95ed7c8cbb5a9d204728ac5337c0bafd6e35294b |
| SHA256 | 1c322f9c4e37ea7237f0bad75f8abd1485b0822e7ed756270581b954d7bdbe19 |
| SHA512 | bd1d8c231a18f7c78ed3022d563d0539c33de9505383adc153bfe4ea3eff0a0ae2b3fa61196ec9ebbd20d1a83e97e5d771cadf50e821ca1491b873c40d2fd746 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2841eed8aa3c356723a99aad3d4e7b06 |
| SHA1 | 11ae41200b917cce9ca2250071e072cc1ad0709a |
| SHA256 | 1d4f16c873217ccfcc08e2fe7cc44245c561d9844ddad5295022078691ff6fd0 |
| SHA512 | 3f7cfe4c9a57d8ef029f168373d6e764314ea6d1f82af46b702fab0efb7aee85645ba98f238e1f481a4b8be59a86402007b19a79f7d64b5ef9ae8af83f9f11da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | cb64549988cb091aa461fb10427be1b4 |
| SHA1 | e9f0901d8a9d2c1181d5a18c56ab8dbc2163fc2d |
| SHA256 | 49241301d19e12217366403e470313ac4b998e2c853737f27d826f44c8399e95 |
| SHA512 | dca52afbe364042cc8a8d7fa007892f76acc27273226681b6b491f550da13bcf3821d89ee78cbf9e2b4cd8157fbfefb084afbf9d055967afa6a41917def637cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b61d3774470efd5e5ecfb8b152be438a |
| SHA1 | 948df60b9c7eae1975e97db3ab69e4207a32f486 |
| SHA256 | c4dc9574a3cf07aabf245046c0a41e65b9ffb0a6f8f9b3e72f68b59388123ff9 |
| SHA512 | d472c5956ab9e20c1ef545d52673b1252a0ddd958e205b03291d309cae0eee6bd1147b4932e0a4ca575016087dab900b46e3e92367a9c82271e30961118e025f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1657b29f79df0fa3220130c662b2486f |
| SHA1 | a1023297ef882405127d65c65edc43c84a887d02 |
| SHA256 | be5fd2c675be55a622fa74aeb66e637f0f5a5ccd10ceb5f1798d3ebce2575e3e |
| SHA512 | 38066adec3b488a7932f33fa7915006d51f5ba5c1bc90bad21c394642868e8e0ec1e4a3fa4832f3a8c12901e0503fc97b3412dfa5661adb84528f3dd17daee9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a347f.TMP
| MD5 | 565acf3dbe5bd48c0713aa1727a8758d |
| SHA1 | b35d98b907869af08db1cd94f19496047f3e4aba |
| SHA256 | ab4e6b397b766c9929f4beb40debd576492f08bbb7f8a2204519e6c4e1d11c50 |
| SHA512 | 2c328008a2e02fe0add996e94d65a205703faf94e538a2ca09866d43e0bfb08b07dd6ff575346fdb226190d08ececc48dd077b99a3890dc45eac6166cb89cde0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fb20d769a9b8c7a87bdd09cbea297a15 |
| SHA1 | 763fea6a39c77ace56a2dddaab611ef6b41bbe0b |
| SHA256 | d06ab0f79095ba7802606706245d8b6e52fcae96a23a8b8533eb2410a2627f24 |
| SHA512 | 13554abdbaac49fd72dc803305005b28f8158a1dbb20b9e3b0d1b9f7fb42df66f6533d015e37128249222b4bdc424bbe7db65aca848f025633a30643ecd32883 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e65a9db-0870-4316-a5f6-844c0c276b80\index-dir\the-real-index~RFe5a3970.TMP
| MD5 | 431a0c102448583b1dff3fe5be4de83c |
| SHA1 | bdff9ff78ea5e6d111fc3b8ba3248ea83eb920e9 |
| SHA256 | ad6dd2b92c0b413ae3951e78e1c5cb9f7010afeee3e38343d9f1710f5068aa8c |
| SHA512 | dffef88741837637b035d5562b293412f48e86eca27a88f737817edb912b0c9da18b65737c675b7bd48485005008316ed63af8c2a6fb6748f25caa4d8bb17824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e65a9db-0870-4316-a5f6-844c0c276b80\index-dir\the-real-index
| MD5 | 22270471d23b7a8a9a97105c5d43f36b |
| SHA1 | 9c00c197ae914dcbbe7420f70af793a05272f788 |
| SHA256 | 72131c20b6afca8890df6c36e829cd97eee3831a1ee53eaf2057ee0e2f725ea2 |
| SHA512 | 94cdc5e69a1e1e442a480162a290faf09b1ff94e01da3e23b071b8da6d015b63b0609e7bc906e1e50a7c698620432f71f45f16a6f446386c4694ac7617e8ddab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a12077d8-ab37-469e-8bd4-bf8932e27a6c\index-dir\the-real-index
| MD5 | 5f0b0c64da754b58252cb1b9260ad6eb |
| SHA1 | c0b423e056a8893c8b0030aa727419dc8615c94d |
| SHA256 | 20d4c6255a0ca7fd87f2e6394cc67f6296e9d50b5a49bd43bf7c6e0b86fdc996 |
| SHA512 | 307e438c3b2db134bf5421c0979b8085b761ddf402dfc456849944d8770b4f5121a216b53b044debd6e1ba4b1799a7c5ddb8b2f70e0f4ecef2bf8d1d3fc003fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a12077d8-ab37-469e-8bd4-bf8932e27a6c\index-dir\the-real-index~RFe5a3c20.TMP
| MD5 | a9977fdf8e85e7ea1b8693d3f88a6376 |
| SHA1 | 44b71b4ff89a132881179a8991cb6b7aeca07707 |
| SHA256 | 87cc76868d396551c164b1f591ff999c3effc6ab95a01a844ab4b61e2bc6569d |
| SHA512 | bcda2908118d018f5b4ff670cc88eb54002217bc6636f4988a94e39fdb800f20516dfb056a1701034d9f27bda100de4f6941d4ad6a6447f538a90ca63cd6cfef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 70c865eab68e7fcc64b8f12c0f388be6 |
| SHA1 | e8ac9f083d5ecc4c0725e8afc855df249aa74480 |
| SHA256 | 92e4529c5339e68760808d108e871805dd38d7f878fe5f6dd1890d5f4cd8ed8b |
| SHA512 | 4d906457a8834ebb8e3c21d84d7c3d61dbbe81ed4490316e3bf5c4b994431d7655746f2c1f9095a3e92b06bf5242e7ab189030276711cabe542c122f789da8fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2162a1572493977a6b1b7aaec2d34a40 |
| SHA1 | e625aad6a8bd8ff150329564337b6f376427e621 |
| SHA256 | d0a8acd17664e2ad65036ea793a0353d90f4e1ea560d2cb3d9246b99f45e2005 |
| SHA512 | 4df34fddad1e994ee44d4e22fe02728492a5ef2c3c4668d488485fbd65d1a437e4a461ea0d038f9b78386b2a331aeeeaaeaa0347dc9ef082efeeb0b7cb817d7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a12077d8-ab37-469e-8bd4-bf8932e27a6c\beaf1e3442224e17_0
| MD5 | b31e8c8f3c31ff718919f1c5880a9d65 |
| SHA1 | 0c7cef38fa213d33559f4ee5fa31e72188823753 |
| SHA256 | b764d580da7c38c895c4797321190ce218957e0fe7b0f3b71502f1c975e15f69 |
| SHA512 | 4a6e6ca63ad272cd3e74b45f071fc535ed4dea7879fc456288b8505091c74cb74981f6bcd68cc1374fd82d7b40797560a47fb11e9dba8cd8a4154810404b8e34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce6a05360c901951bb8da0bb43d8f646 |
| SHA1 | 4400aa65b43a2c05fa8fc1cc4fbccf5cd5ed5868 |
| SHA256 | b2fcd8276cb41909363e0cec725102ed0d14f1b633cca58d6f01cdeb17d539ab |
| SHA512 | 861b540b6ad5252128bb3a741110307c0799a5db914987f4eacee5bdcd0f227d0cc1e33bf740d26c17f863f889334c2f7ca26048478ca4e682c9e7467840efd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7980b034ff80f6eaf9667719c728105b |
| SHA1 | 0b13b5cf774139c6d826c71a9474984232cfcc35 |
| SHA256 | 562e0fd34edf6a15c35c1c98dfafd3ab4e867a08c35e4688e98429156c86a2f1 |
| SHA512 | f2508526f8a630e3d78ea63c8be48caf25497ec66bbfca37e5ed30a363a3f04f7901bb2ee716e4c373aac9f1b5a22b73a3e11067671511aa846f925c4cd28383 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 53afb77429b080f77ff59609cfe1d372 |
| SHA1 | 6b6a9bb68a2b68c16a45314fc6f81fdf560be6b4 |
| SHA256 | 6df00e93b6ad1ebce6748f2b7c8fb08abe30af4fb0117486935b8e68be430711 |
| SHA512 | 20fed9e44cb3b6056915a2a3138740486ab684ecdebe096d02e0b7e9eda4ecce23b088eb3339e3343a21a6e4c9ce2164b4f4cf37ee25189bcada5755b06d192d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 38122f66a77bc36d98e1b92a1f3416ac |
| SHA1 | df28e2a4fa98512b0f23ddc7e2cd9d6fc8ee3ec2 |
| SHA256 | 1ff3f0aeab3cc01dac30be922c365501b52fa145c6b4acd0287cb993258a9768 |
| SHA512 | 53ea8f9d1ff5441114ecd9536313663d4df5e2b8320b421edb53b936bcd26dfd290af8b653599c44de6268bc24ce85c20be36f2fb4d73b7fdfd7d7f6c6fbcda1 |